4 matches found
Oracle Linux 8 : nodejs:16 (ELSA-2024-1444)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1444 advisory. - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging Tenable h...
SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:0732-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0732-1 advisory. Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack again...
CVE-2024-22019
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...
Node.js: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
A vulnerability in Node.js HTTP servers was discovered that allowed denial of service DoS attacks. By sending specially crafted HTTP requests with chunked encoding, an attacker could cause resource exhaustion on the server. The lack of limitations on chunk extension bytes enabled the server to re...